Hello,
I was thinking of it over night and I wonder...
</snip>
> 616 if (rt != NULL) {
> 617 rt->rt_mtu = tdb->tdb_mtu;
> 618 if (ro != NULL && ro->ro_rt != NULL) {
> 619 rtfree(ro->ro_rt);
> 620 ro->ro_rt = rtalloc(&ro->ro_dst,
> RT_RESOLVE,
> 621 m->m_pkthdr.ph_rtableid);
> 622 }
> 623 if (rt_mtucloned)
> 624 rtfree(rt);
> 625 }
> 626 ipsec_adjust_mtu(m, tdb->tdb_mtu);
> 627 m_freem(m);
> 628 return EMSGSIZE;
>
what would happen if there will be no PACKET_TAG_IPSEC_IN_DONE tag
at the packet? it seems to me that tdb->tdb_mtu won't get adjusted
then. If it is the case, then diff below should improve situation.
thanks and
regards
sashan
--------8<---------------8<---------------8<------------------8<--------
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 396caa3ea13..65a1c7979fa 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -624,6 +624,13 @@ ip_output_ipsec_send(struct tdb *tdb, struct mbuf *m,
struct route *ro, int fwd)
rtfree(rt);
}
ipsec_adjust_mtu(m, tdb->tdb_mtu);
+ if (m_tag_find(m, PACKET_TAG_IPSEC_IN_DONE, NULL) == NULL) {
+ ssize_t adjust;
+
+ adjust = ipsec_hdrsz(tdb);
+ if (adjust != -1)
+ tdb->tdb_mtu -= adjust;
+ }
m_freem(m);
return EMSGSIZE;
}
